ASA 5520 - IOS 8.3.1 - VPN LAN TO LAN

Hi guys, I have an ASA 5520 with many VPN LAN To LAN and VPN Remote Access. There is a VPN LAN To LAN with this configuration:

Real IP (Server)          IP SOURCE NAT (ASA 5520)        IP DESTINATION NAT (REMOTE PEER)
(INSIDE -                 (INSIDE - SNAT

Flow without translation : From TO
Flow with translation :    From TO -------------------> SERVER
                           From TO ------------------> ASA
Flow without translation : From TO ---------------> REMOTE PEER
Flow with translation :    From TO -------------------> ASA

Below is the configuration:

access-group Traffico-Inbound-Outside in interface OUTSIDE
access-group Traffico-Outbound-Inside-Outside in interface INSIDE
access-list Traffico-Inbound-Outside extended permit ip any host
access-list Traffico-Outbound-Inside-Outside extended permit ip host host

nat (INSIDE,OUTSIDE) source dynamic VPNL2LIdmNAT- VPNL2LIdmNAT-IPSRC destination static VPNL2LIdmNAT- VPNL2LIdmNAT-
nat (INSIDE,OUTSIDE) source static VPNnonat- VPNnonat- destination static VPNnonat- VPNnonat-

access-list VPNL2LFilterIDM extended permit tcp host range 1024 65535 host eq 7002
access-list VPNL2LFilterIDM extended permit tcp host eq 7002 host range 1024 65535
access-list VPNL2LCryptoIDM extended permit ip host host

crypto map outside_map 120 match address VPNL2LCryptoIDM
crypto map outside_map 120 set peer
crypto map outside_map 120 set transform-set IDMSet
crypto ipsec transform-set IDMSet esp-aes-256 esp-sha-hmac

tunnel-group type ipsec-l2l
tunnel-group general-attributes
tunnel-group ipsec-attributes
 pre-shared-key *****

group-policy internal
group-policy attributes
 vpn-filter value VPNL2LFilterIDM

When the server in the INSIDE network tries to telnet to port 7002, everything is OK. But when the telnet the in the log I see:

Oct 23 10:08:24 Oct 23 2014 10:08:24 IDC-CISCOFWUS-02 : %ASA-6-302014: Teardown TCP connection 227467 for OUTSIDE: to OUTSIDE: duration 0:00:00 bytes 0 Flow is a loopback

I tried to follow the link with this configuration:

nat (inside,outside) source static VPNnonat- VPNL2LIdmNAT-IPSRC destination static VPNL2LIdmNAT- VPNnonat-
object network VPNnonat-
  nat (outside,inside) static

In this situation it is not possible to telnet to port 7002 from
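Added example (not from the poster and not Cisco code): a small Python model of how an ASA running 8.3-style twice NAT decides the egress interface for a packet coming in over the tunnel, to show why a connection that only has a dynamic source translation in the inside-to-outside direction ends up as "OUTSIDE to OUTSIDE ... Flow is a loopback". The model simplifies real ASA NAT ordering and route lookup; interface names follow the post (INSIDE/OUTSIDE), and every address is constructed from RFC 5737 documentation ranges.

```python
"""Toy model of ASA twice-NAT egress selection for an inbound VPN packet.

Added example for this page: it is not Cisco code and not the poster's
configuration. It simplifies real ASA behaviour (no NAT ordering sections,
no 'route-lookup' keyword). All addresses are constructed (RFC 5737).
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Route:
    prefix: str        # constructed static route, e.g. "192.0.2.0/24"
    interface: str


@dataclass(frozen=True)
class TwiceNat:
    """One 'nat (real_if,mapped_if) source {static|dynamic} A B destination static C D'.

    src_real   -> address of the inside host (A)
    src_mapped -> address the far side sees for it (B)
    dst_mapped -> address the inside host sends to (C)
    dst_real   -> real address of the far side (D)
    """
    real_if: str
    mapped_if: str
    src_real: str
    src_mapped: str
    dst_mapped: str
    dst_real: str
    dynamic: bool = False   # 'source dynamic' only translates inside-to-outside


def egress_interface(routes: List[Route], dst: str) -> Optional[str]:
    """Longest-prefix match over the (constructed) routing table."""
    ip = ipaddress.ip_address(dst)
    hits = [r for r in routes if ip in ipaddress.ip_network(r.prefix)]
    if not hits:
        return None
    return max(hits, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen).interface


def outbound_flow(rules: List[TwiceNat], ingress_if: str, src: str, dst: str) -> Optional[Dict]:
    """Inside host -> far side: both static and dynamic rules match in the forward direction."""
    for r in rules:
        if r.real_if == ingress_if and src == r.src_real and dst == r.dst_mapped:
            return {"rule": r, "src_on_wire": r.src_mapped,
                    "dst_on_wire": r.dst_real, "egress": r.mapped_if}
    return None


def inbound_flow(rules: List[TwiceNat], routes: List[Route],
                 ingress_if: str, src: str, dst: str) -> Dict:
    """Far side -> inside host. Only a static rule can be matched in reverse and
    un-translate the destination; the egress then comes from the rule's interface
    pair. Without a usable rule the ASA routes by the untranslated destination,
    which for a mapped address living on the OUTSIDE subnet points back out OUTSIDE."""
    for r in rules:
        reverse_hit = (r.mapped_if == ingress_if and dst == r.src_mapped and src == r.dst_real)
        if reverse_hit and not r.dynamic:
            return {"rule": r, "real_dst": r.src_real, "egress": r.real_if,
                    "loopback": r.real_if == ingress_if}
    egress = egress_interface(routes, dst)
    return {"rule": None, "real_dst": dst, "egress": egress,
            "loopback": egress == ingress_if}


def demo() -> Dict[str, Dict]:
    """Constructed scenario mirroring the post: server on INSIDE, SNAT address on the
    OUTSIDE subnet, remote peer reached through the default route on OUTSIDE."""
    server, snat_ip, peer_host = "192.0.2.10", "198.51.100.5", "203.0.113.20"
    routes = [Route("192.0.2.0/24", "INSIDE"),
              Route("198.51.100.0/24", "OUTSIDE"),
              Route("0.0.0.0/0", "OUTSIDE")]
    dynamic_rule = TwiceNat("INSIDE", "OUTSIDE", server, snat_ip, peer_host, peer_host, dynamic=True)
    static_rule = TwiceNat("INSIDE", "OUTSIDE", server, snat_ip, peer_host, peer_host, dynamic=False)
    return {
        # server -> peer works with the dynamic rule, as the poster observed
        "outbound": outbound_flow([dynamic_rule], "INSIDE", server, peer_host),
        # peer -> SNAT address: no reverse match, routed back out OUTSIDE (loopback)
        "with_dynamic_rule": inbound_flow([dynamic_rule], routes, "OUTSIDE", peer_host, snat_ip),
        # same pair expressed as 'source static': un-NAT to the server, egress INSIDE
        "with_static_rule": inbound_flow([static_rule], routes, "OUTSIDE", peer_host, snat_ip),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Running `demo()` shows the two directions side by side: the dynamic rule carries the server's outbound telnet, but a packet from the peer to the SNAT address has no reverse translation, so the model routes it by the untranslated destination, lands on OUTSIDE again, and flags the loopback that the %ASA-6-302014 message reports. The same pair written as `source static` is matched in reverse, un-translates to the server and exits INSIDE. Whether a single bidirectional static rule is enough on the poster's box also depends on the overlapping `nat (outside,inside) static` object rule they added, which this model does not represent.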